Slashdot: Book ReviewsSearch Slashdot

News for nerds, stuff that mattersSearch Slashdot stories

benrothke writes: Large enterprises have numerous information security challenges. Aside from the external threats; there's the onslaught of security data from disparate systems, platforms and applications. Getting a handle on the security output from numerous point solutions (anti-virus, routers/switches, firewalls, IDS/IPS, ERP, access control, identity management, single sign on and others), often generating tens of millions of messages and alerts daily is not a trivial endeavor. As attacks becoming more frequent and sophisticated and with regulatory compliance issues placing an increasing burden, there needs to be a better way to manage all of this. Getting the raw hardware, software and people to create a SOC is not that difficult. The challenge, and it's a big challenge, is integrating those 3 components to ensure that a formal SOC can operate effectively. In Security Operations Center: Building, Operating, and Maintaining your SOC, authors Joseph Muniz, Gary McIntyre and Nadhem AlFardan have written an indispensable reference on the topic. The authors have significant SOC development experience, and provide the reader with a detailed plan on all the steps involved in creating a SOC. Keep reading for the rest of Ben's review.

benrothke writes: It wasn't that long ago that building a full network security test lab was an expensive prospect. In The Network Security Test Lab: A Step-by-Step Guide, author Michael Gregg has written a helpful hands-on guide to provide the reader with an economical method to do that. The book is a step-by-step guide on how to create a security network lab, and how to use some of the most popular security and hacking tools. Read below for the rest of Ben's review.

New submitter sh0wstOpper writes: The topic of the Internet of Things (IoT) is gaining a lot of attention because we are seeing increasing amounts of "things", such as cars, door locks, baby monitors, etc, that are connected and accessible from the Internet. This increases the chances of someone being able to "attack" these devices remotely. The premise of Abusing the Internet of Things is that the distinction between our "online spaces" and our "physical spaces" will become harder to define since the connected objects supporting the IoT ecosystems will have access to both. Keep reading for the rest of sh0wstOpper's review.

MassDosage writes: If you are familiar with the "Effective" style of books then you probably already know how this book is structured. If not here's a quick primer: the book consists of a number of small sections each of which focus on a specific problem, issue or idea and these are discussed in a "here's the best way to do X" manner. These sections are grouped into related chapters but can be read in pretty much any order and generally don't depend on each other (and when they do this will be called out in the text). The idea is that you can read the book from cover to cover if you want but you can also just dip in and out and read only the sections that are of interest to you. This also means that you can use the book as a reference in future when you inevitably forget the details or want to double check something. Read below for the rest of Mass Dosage's review.

benrothke writes: Far too many technology books take a Hamburger Helper approach, where the first quarter or so of the book is about an introduction to the topic, and filler at the end with numerous appendices of publicly available information. These books end up being well over 800 pages without a lot of original information, even though they are written an advanced audience. In software engineering, a design pattern is a general repeatable solution to a commonly occurring problem in software design. A design pattern isn't a finished design that can be transformed directly into code. It is a description or template for how to solve a problem that can be used in many different situations. Using that approach for the cloud, in Cloud Computing Design Patterns, authors Thomas Erl, Robert Cope and Amin Naserpour have written a superb book that has no filler and fully stocked with excellent and invaluable content. Keep reading for the rest of Ben's review.

benrothke writes: The infinite monkey theorem states that a monkey hitting random typewriter keys for an infinite amount of time will eventually be able to create the complete works of Shakespeare. Various scientists such as Nobel laureate Arno Penzias have shown how the theorem is mathematically impossible. Using that metaphor, if you took every member of United States Congress and House of Representatives and wrote their collected wisdom on Iraq, it's unlikely they could equal the astuteness of even a single chapter of author Malcolm W. Nance in The Terrorists of Iraq: Inside the Strategy and Tactics of the Iraq Insurgency 2003-2014. It's Nance's overwhelming real-world experiential knowledge of the subject, language, culture, tribal affiliations and more which make this the overwhelming definitive book on the subject. Read below for the rest of Ben's review.

Saint Aardvark writes Michael W. Lucas has been writing technical books for a long time, drawing on his experience as both a system and a network administrator. He has mastered the art of making it both easy and enjoyable to inhale large amounts of information; that's my way of saying he writes books well and he's a funny guy. Networking for System Administrators, available both in DRM-free ebook and dead tree formats, is his latest book, and it's no exception to this trend. Keep reading for the rest of Saint Aardvark's review.

Michael Ross writes As with any content management system, building a website using Drupal typically requires extensive use of its administrative interface, as one navigates through its menus, fills out its forms, and reads the admin pages and notifications — or barely skims them, as they have likely been seen by the site builder countless times before. With the aim of avoiding this tedium, speeding up the process, and making it more programmatic, members of the Drupal community created a "shell" program, Drush, which allows one to perform most of these tasks on the command line. At this time, there is only one current print book that covers this tool, Drush for Developers, Second Edition, which is ostensibly an update of its predecessor, Drush User's Guide. Read below for the rest of Michael's review.

benrothke writes Technology is neutral and amoral. It's the implementers and users who define its use. In Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It, author Marc Goodman spends nearly 400 pages describing the dark side of technology, and those who use it for nefarious purposes. He provides a fascinating overview of how every major technology can be used to benefit society, and how it can also be exploited by those on the other side. Keep reading for the rest of Ben's review.

Michael Ross writes In recent years, JavaScript has enjoyed a dramatic renaissance as it has been transformed from a browser scripting tool primarily used for special effects and form validation on web pages, to a substantial client-side programming language. Similarly, on the server side, after years as the target of criticism, the PHP computer programming language is seeing a revival, partly due to the addition of new capabilities, such as namespaces, traits, generators, closures, and components, among other improvements. PHP enthusiasts and detractors alike can learn more about these changes from the book Modern PHP: New Features and Good Practices, authored by Josh Lockhart. Keep reading for the rest of Michael's review.

benrothke writes Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, author Bruce Schneier could have justifiably written an angry diatribe full of vitriol against President Obama and the NSA for their wholesale spying on innocent Americans and violations of myriad laws. Instead, he was written a thoroughly convincing and brilliant book about big data, mass surveillance and the ensuing privacy dangers facing everyone. A comment like what's the big deal? often indicates a naiveté about a serious significant underlying issue. The idea that if you have nothing to hide you have nothing to fear is a dangerously narrow concept on the value of privacy. For many people the notion that the NSA was performing spying on Americans was perceived as not being a big deal, since if a person is innocent, then what do they have to worry about. In the book, Schneier debunks that myth and many others, and defends the importance of privacy. Keep reading for the rest of Ben's review.

MassDosage writes
As the full title to Lauren Ipsum: A story about Computer Science and Other Improbable Things indicates, this is a book about Computer Science but what's surprising about it is that it manages to be about Computer Science without actually ever directly referring to the subject or even to computers at all. It is in fact a fictional story about a young girl called Lauren who gets lost after wandering into a forest near her house after an argument with her mother. She stumbles into a world populated with all kinds of strange creatures and colorful characters some of whom she befriends in order to figure out how to get back to her home. The "figuring out" part of the plot is where things get interesting as she has many attempts at solving this problem with different characters giving her often contradictory advice and Lauren then has to decide what exactly she's trying to do and which of the various possible solutions is the best. This involves a fair amount of trial and error, learning from certain mistakes and trying different approaches. If this is starting to sound familiar to those who have written software then that's the whole point. Lauren Ipsum is cunningly littered with references to Computer Science and in particular to things like algorithms, logic puzzles and many other of the theoretical underpinnings of the subject. Read below to see what MassDosage has to say about the book.

eldavojohn writes Core HTML5 2D Game Programming details a journey through creating Snail Bait in well defined steps. This simple two dimensional platform game works as a great starting point for anyone interested in making their very first game targeting many desktop and mobile platforms. This incremental process is expertly segmented into logical lessons with the only prerequisite being fluency in JavaScript. One of the most attractive aspects of this book is that the core concepts of this book don't rely on some flavor of the week JavaScript library or framework. Read below for the rest of eldavojohn's review.

benrothke writes Many organizations are overwhelmed by the onslaught of security data from disparate systems, platforms and applications. They have numerous point solutions (anti-virus, firewalls, IDS/IPS, ERP, access control, IdM, single sign-on, etc.) that can create millions of daily log messages. In addition to directed attacks becoming more frequent and sophisticated, there are regulatory compliance issues that place increasing burden on security, systems and network administrators. This creates a large amount of information and log data without a formal mechanism to deal with it. This has led to many organizations creating a security operations center (SOC). A SOC in its most basic form is the centralized team that deals with information security incidents and related issues. In Designing and Building a Security Operations Center, author David Nathans provides the basics on how that can be done. Keep reading for the rest of Ben's review

Saint Aardvark writes If, like me, you administer FreeBSD systems, you know that (like Linux) there is an embarrassment of riches when it comes to filesystems. GEOM, UFS, soft updates, encryption, disklabels — there is a *lot* going on here. And if, like me, you're coming from the Linux world your experience won't be directly applicable, and you'll be scaling Mount Learning Curve. Even if you *are* familiar with the BSDs, there is a lot to take in. Where do you start? You start here, with Michael W. Lucas' latest book, FreeBSD Mastery: Storage Essentials. You've heard his name before; he's written Sudo Mastery (which I reviewed previously), along with books on PGP/GnuPGP, Cisco Routers and OpenBSD. This book clocks in at 204 pages of goodness, and it's an excellent introduction to managing storage on FreeBSD. From filesystem choice to partition layout to disk encryption, with sidelong glances at ZFS along the way, he does his usual excellent job of laying out the details you need to know without every veering into dry or boring. Keep reading for the rest of Saint Aardvark's review.